
Revision 1498

Added by DarkViper almost 13 years ago

fixed secureform


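--- a/branches/2.8.x/CHANGELOG
+++ b/branches/2.8.x/CHANGELOG
@@ -12,6 +12,8 @@
 
 =============================== FEATURES FREEZE ================================
 ----------------------------------- Fixes 2.8.2 --------------------------------
+11 Aug-2011 Build 1498 Werner v.d.Decken(DarkViper)
+# fixed secureform
 11 Aug-2011 Build 1497 Werner v.d.Decken(DarkViper)
 ! sync changelog
 11 Aug-2011 Build 1496 Werner v.d.Decken(DarkViper)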
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2');
55
if(!defined('REVISION')) define('REVISION', '1497');
55
if(!defined('REVISION')) define('REVISION', '1498');
branches/2.8.x/wb/framework/SecureForm.php
14 14
 * @version         $Id$
15 15
 * @filesource		$HeadURL$
16 16
 * @lastmodified    $Date$
17
 * @description     
17
 * @description
18 18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
require_once('globalExceptionHandler.php');
22
if(!defined('WB_PATH')) { throw new IllegalFileException(); }
23
/* -------------------------------------------------------- */
24 19

  
25 20
class SecureForm {
26 21

  
......
30 25

  
31 26
	private $_FTAN        = '';
32 27
	private $_IDKEYs      = array('0'=>'0');
33
	private $_ftan_name   = 'x';
28
	private $_ftan_name   = '';
34 29
	private $_idkey_name  = '';
35 30
	private $_salt        = '';
36 31
	private $_fingerprint = '';
37
	
32

  
38 33
/* Construtor */
39 34
	protected function __construct($mode = self::FRONTEND)
40 35
	{
......
43 38
		$this->_fingerprint = $this->_generate_fingerprint();
44 39
	// generate names for session variables
45 40
		$this->_ftan_name =
46
			substr($this->_fingerprint, -(16 + hexdec(substr($this->_fingerprint, 0, 1))), 16);
41
			substr($this->_fingerprint, -(16 + hexdec($this->_fingerprint[0])), 16);
47 42
	// make sure there is a alpha-letter at first position
48 43
		$this->_ftan_name = $this->_makeFirst2Letter($this->_ftan_name);
49
		$this->_idkey_name = 
44
		$this->_idkey_name =
50 45
			substr($this->_fingerprint, hexdec($this->_fingerprint[strlen($this->_fingerprint)-1]), 16);
51 46
	// make sure there is a alpha-letter at first position
52 47
		$this->_idkey_name = $this->_makeFirst2Letter($this->_idkey_name);
......
55 50
		{
56 51
			$this->_IDKEYs = $_SESSION[$this->_idkey_name];
57 52
		}else{
58
			$this->_IDKEYs = array('FF'=>'FF');
53
			$this->_IDKEYs = array('0'=>'0');
59 54
			$_SESSION[$this->_idkey_name] = $this->_IDKEYs;
60 55
		}
61 56
	}
62
	/**
63
	 * make sure, the first Char of the hexnumber is a valid letter a-f)
64
	 * @param string $string hex - string
65
	 * @return string
66
	 */
57

  
67 58
	private function _makeFirst2Letter($string)
68 59
	{
69
		$replacement = dechex(10 + (hexdec(substr($string, 0, 1)) % 5));
70
		$string = (string)substr_replace( $string , $replacement , 0, 1);
60
		$string[0] = dechex(10 + (hexdec($string[0]) % 5));
71 61
		return $string;
72 62
	}
73 63

  
......
140 130
 */
141 131
	final public function getFTAN( $mode = 'POST')
142 132
	{
143
		if( $this->_FTAN == '') { $this->createFTAN(); }
144 133
		$ftan = $this->_calcFtan($this->_FTAN);
145 134
		if((is_string($mode) && strtolower($mode) == 'post') || ($mode === true))
146 135
		{ // by default return a complete, hidden <input>-tag
......
164 153
		$retval = false;
165 154
		if(isset($_SESSION[$this->_ftan_name]))
166 155
		{
167
			if( ($_SESSION[$this->_ftan_name] != '') &&
168
			    (strlen((string)$_SESSION[$this->_ftan_name]) == strlen(md5('dummy'))))
156
			if( $_SESSION[$this->_ftan_name] && (strlen($_SESSION[$this->_ftan_name]) == strlen(md5('dummy'))))
169 157
			{
170 158
				$ftan = $this->_calcFtan($_SESSION[$this->_ftan_name]);
171 159
				unset($_SESSION[$this->_ftan_name]);
172 160
				$mode = (strtoupper($mode) != 'POST' ? '_GET' : '_POST');
173
				if( isset(${$mode}[$ftan[0]]))
161
				if( isset($GLOBALS[$mode][$ftan[0]]))
174 162
				{
175
					$retval = (${$mode}[$ftan[0]] == $ftan[1]);
176
					unset(${$mode}[$ftan[0]]);
163
					$retval = ($GLOBALS[$mode][$ftan[0]] == $ftan[1]);
164
					unset($GLOBALS[$mode][$ftan[0]]);
177 165
				}
178 166
			}
179 167
		}
......
265 253
 */
266 254
 	final public function clearIDKEY()
267 255
	{
268
		 $this->_IDKEYs = array('FF'=>'FF0');
256
		 $this->_IDKEYs = array('0'=>'0');
269 257
	}
270
}
258
}
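Review bot: The FTAN validation hunk (new lines 153–167) still compares the submitted token with loose `==` in `$retval = ($GLOBALS[$mode][$ftan[0]] == $ftan[1]);`; when both sides look numeric (a hex-derived token of the form `0e…` does), PHP compares them as numbers, so two different tokens can compare equal and the check passes. Compare as strings instead, `$retval = ((string)$GLOBALS[$mode][$ftan[0]] === (string)$ftan[1]);`, or use `hash_equals()` where the target PHP version provides it, which also removes the timing side channel of a byte-by-byte string compare. The switch from `${$mode}` to `$GLOBALS[$mode]` in the same hunk is the right fix, since variable variables do not reach the superglobals from method scope. Separately, the hunk at the top of the file drops the `WB_PATH` direct-access guard together with the `globalExceptionHandler.php` require; as the file only declares a class the impact looks low, but it should be confirmed that removing the guard is intended and not just a side effect of the unavailable include. The method containing the validation hunk starts and ends outside the hunk.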
